Senior Offensive Security Manager

Postman, San Francisco, CA
Onsite

About The Position

Postman is seeking a Senior Offensive Security Manager to lead the strategic direction of its offensive security program. This role involves building a dedicated Offensive AI Security capability from the ground up and partnering with CISO leadership on threat-informed defense strategy. The successful candidate will shape the future of offensive security at Postman, aiming to make the company an industry leader in adversarial testing of AI systems, agentic workflows, and LLM integrations. The role requires leading a team that demonstrates vulnerabilities through live exploits to foster a strong security culture across the engineering organization.

Requirements

  • Minimum of 8 years in offensive security (penetration testing, red teaming, vulnerability research, or exploit development).
  • At least 4 years in a people management or leadership capacity, including experience managing managers or tech leads.
  • Demonstrated experience attacking AI/ML systems (adversarial ML research, LLM red teaming, agentic system exploitation, or building offensive tooling for AI targets).
  • Understanding of AI-specific attack vectors like prompt injection, indirect prompt injection, tool-use confusion attacks, and RAG poisoning.
  • Demonstrated ability to build and scale an offensive security program from the ground up or significantly mature an existing one.
  • Experience setting OKRs, managing budgets, and presenting to executive leadership.
  • Deep understanding of the modern threat landscape and its application to cloud-native, API-first, and AI-native architectures.
  • Hands-on experience with AI-augmented pentesting tools (e.g., PentestGPT, Horizon3, custom LLM-based fuzzing) and purpose-built AI red team frameworks (e.g., Microsoft PyRIT, Garak, custom harnesses).
  • Ability to manage non-deterministic AI outputs in both offensive tooling and target systems.
  • Ability to present complex exploit chains, including AI-specific attack paths, to developers in an inspiring and understandable manner.
  • Preference for building automated 'exploit-as-code' validators over manual testing.
  • Ability to architect evaluation harnesses and adversarial test suites for ML models.
  • Deep familiarity with AWS security primitives, cloud-native attack paths, and container/Kubernetes exploitation.
  • Experience with API-specific attack methodologies (BOLA, BFLA, mass assignment, GraphQL abuse, gRPC exploitation).
  • Familiarity with how offensive security outputs map to SOC 2 Type II, ISO 27001, ISO 42001, FedRAMP, or CMMC control evidence.

Nice To Haves

  • Track record of contributions to the offensive security or AI security community (conference talks, tool releases, published research, CVEs, or active participation in OWASP, MITRE, or similar working groups).
  • Certifications: OSCP, OSCE, OSEP, GXPN, GPEN, CRTP, or equivalent hands-on offensive certifications.
  • AI/ML-specific credentials (e.g., GIAC GMAI) are a differentiator.
  • Experience running a GRC function, or an understanding of how offensive security findings feed into it.

Responsibilities

  • Define and execute the multi-year offensive security roadmap, aligning Red Team, Purple Team, and continuous validation capabilities with Postman's threat landscape and business priorities.
  • Build and scale a dedicated offensive capability targeting AI/ML systems, including adversarial testing of LLM integrations, agentic workflows, RAG pipelines, and model-serving infrastructure.
  • Develop AI threat intelligence by tracking and operationalizing the evolving AI threat landscape, translating external research into internal red team playbooks and detection hypotheses.
  • Lead structured adversarial campaigns against Postman's LLM deployments, AI agents, and model pipelines, targeting various AI-specific vulnerabilities.
  • Design and deploy AI-based penetration testing platforms and autonomous agents for continuous security validation across the API ecosystem.
  • Integrate automated breach and attack simulation (BAS) into CI/CD pipelines, including AI model deployment pipelines.
  • Build, manage, and scale a high-performing team of offensive security engineers, including specialized AI red team operators.
  • Identify and hire talent at the intersection of offensive security and AI/ML, and build internal development paths for cross-skilling.
  • Lead live 'Exploitable Demonstrations' to showcase vulnerabilities and educate engineering teams, with a focus on demystifying AI-specific attack vectors.
  • Translate offensive findings into business-level risk narratives for executive leadership, the board, and external stakeholders.
  • Partner with GRC on audit evidence and compliance posture derived from offensive operations.
  • Operate as a senior technical leader across Product Security, Security Operations, and Engineering to ensure findings drive measurable improvements.

Benefits

  • Competitive equity package
  • Flexible schedule
  • Full medical coverage
  • Flexible PTO
  • Wellness reimbursement
  • Monthly lunch stipend
  • Wellness programs
  • Frequent and fascinating team-building events
  • Donation-matching program
© 2026 Teal Labs, Inc